Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-7545

A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.

Published

2020-12-01T15:15:12.297

Last Modified

2024-11-21T05:37:21.233

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-284
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	schneider-electric	ecostruxure_energy_expert	2.0	Yes
Application	schneider-electric	ecostruxure_power_monitoring_expert	7.0	Yes
Application	schneider-electric	ecostruxure_power_monitoring_expert	8.0	Yes
Application	schneider-electric	ecostruxure_power_monitoring_expert	9.0	Yes
Application	schneider-electric	power_manager	1.1	Yes
Application	schneider-electric	power_manager	1.2	Yes
Application	schneider-electric	power_manager	1.3	Yes
Application	schneider-electric	powerscada_expert_with_advanced_reporting_and_dashboards	8.0	Yes
Application	schneider-electric	powerscada_operation_with_advanced_reporting_and_dashboards	9.0	Yes

References

https://www.se.com/ww/en/download/document/SEVD-2020-287-04/ Vendor Advisory ([email protected])
https://www.se.com/ww/en/download/document/SEVD-2020-287-04/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)